Make WordPress Core

Changeset 6183


Ignore:
Timestamp:
10/03/2007 04:17:54 PM (17 years ago)
Author:
ryan
Message:

Add sanitize_url. Don't convert ampersands in URLs when saving to DB. fixes #4411 for 2.3

Location:
branches/2.3/wp-includes
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/2.3/wp-includes/default-filters.php

    r6141 r6183  
    2626}
    2727
    28 // URL
     28// Save URL
    2929$filters = array('pre_comment_author_url', 'pre_user_url', 'pre_link_url', 'pre_link_image',
    30     'pre_link_rss', 'comment_url');
     30    'pre_link_rss');
     31foreach ( $filters as $filter ) {
     32    add_filter($filter, 'strip_tags');
     33    add_filter($filter, 'trim');
     34    add_filter($filter, 'sanitize_url');
     35    add_filter($filter, 'wp_filter_kses');
     36}
     37
     38// Display URL
     39$filters = array('user_url', 'link_url', 'link_image', 'link_rss', 'comment_url');
    3140foreach ( $filters as $filter ) {
    3241    add_filter($filter, 'strip_tags');
  • branches/2.3/wp-includes/formatting.php

    r6150 r6183  
    10881088}
    10891089
    1090 function clean_url( $url, $protocols = null ) {
     1090function clean_url( $url, $protocols = null, $context = 'display' ) {
    10911091    $original_url = $url;
    10921092
     
    11041104        $url = 'http://' . $url;
    11051105
    1106     $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
     1106    // Replace ampersands ony when displaying.
     1107    if ( 'display' == $context )
     1108        $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
     1109
    11071110    if ( !is_array($protocols) )
    11081111        $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
     
    11101113        return '';
    11111114
    1112     return apply_filters('clean_url', $url, $original_url);
     1115    return apply_filters('clean_url', $url, $original_url, $context);
     1116}
     1117
     1118function sanitize_url( $url, $protocols = null ) {
     1119    return clean_url( $url, $protocols, 'db');
    11131120}
    11141121
  • branches/2.3/wp-includes/widgets.php

    r6170 r6183  
    10021002    if ( $_POST["rss-submit-$number"] ) {
    10031003        $newoptions[$number]['items'] = (int) $_POST["rss-items-$number"];
    1004         $url = clean_url(strip_tags(stripslashes($_POST["rss-url-$number"])));
     1004        $url = sanitize_url(strip_tags(stripslashes($_POST["rss-url-$number"])));
    10051005        $newoptions[$number]['title'] = trim(strip_tags(stripslashes($_POST["rss-title-$number"])));
    10061006        if ( $url !== $options[$number]['url'] ) {
Note: See TracChangeset for help on using the changeset viewer.